Misbehaving Xp Pro--need Some Help And Advice


29 replies to this topic

#1 blwa

Posted 28 June 2007 - 02:48 AM

Hello,

Need some insights...my son's laptop may have been infected by a virus or a trojan horse that impacted the Explorer.exe routine. In addition to being very lethargic, especially at startup and shutdown, the CPU usage in Task Manager runs close to 100%. I have tried a few free antivirus programs, which have found several other trojans, etc. I hope to be able to load McAfee but can't get the new DAT files since there seems to be a problem with connecting to the internet. NIC properties indicate it is functioning properly.

I was able to load SP2 while in safe mode but after the initial boot, the slowness again happens. This is really getting to be a trying exercise!!! Would appreciate any insights.

Thank you in advance,

Blaine


#2 Budapest


Posted 28 June 2007 - 02:53 AM

You can download the McAfee DAT file manually from this site and transfer it to the infected computer on CD or using a flash drive. Then run the McAfee scan in Safe Mode.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 blwa


Posted 28 June 2007 - 03:53 AM

Hey Budapest,

Thanks for the advice...I'll give it a try IF I can successfully load a copy of McAfee's VirusScan.

What is puzzling to me is the slowness of refreshing the desktop in closing a window such as My Computer or Control Panel. Sometimes, this delay in refresh takes about a minute or so.

Right now, I have started loading of the VirusScan software and it is hung up in the setup routine...with 33.8% completion of "recomposing data". Task Manager doesn't show any unusual CPU usage...just the occasional low spike. Ended setup of McAfee with TM's end task.

Although I have run SP2 upgrade before, I still see error messages related to Explorer.exe. I will run it again from within the normal XP desktop rather than from Safe Mode.

Thanks for your help,

Blaine

#4 usasma


Posted 28 June 2007 - 03:00 PM

I'd suspect that you're either still infected, or that the virus has damaged the operating system (and the damage remained after the virus was removed). So, the first step is (as Budapest mentioned) to ensure that you're free of malware. Once that's assured, then we can work on the OS to fix it.
My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ ) **If you need a more detailed explanation, please ask for it. I have the Knack.** If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017) FYI - I am completely blind in the right eye and ~30% blind in the left eye. If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.

#5 blwa


Posted 29 June 2007 - 03:50 AM

Usasma,

Thanks for joining the discussion and providing advice.

Here's where I currently stand: installed Ad-Aware 2007 and AntiVir PE Classic. AntiVir was the only virus software that I could load; I tried to install McAfee, Avast, and ActiveVirusShield, and each stopped for one reason or another...initiate to a point then halt. As things currently stand, AntiVir is operating but without the latest virus definition file. One other consequence of this sick laptop is that it can't connect to the internet, thus I can't get automatic updates...for now, I'm leaving that issue until I can get a sanitized and functionally operating laptop.

With the old virus definition files, AntiVir didn't find anything. However, I've run Ad-Aware several times and each time it finds something. The last time, I did a full scan and will do another just for kicks to see what it finds. Is there also an update file for this application?

Well, thank you in advance.

Blaine

#6 Budapest


Posted 29 June 2007 - 03:59 AM

You can download the current definition files for Ad-Aware from here. There is a link at the top right of the page.

#7 DaChew


Posted 29 June 2007 - 04:41 AM

One suggestion: disconnect from the internet and stay disconnected. Just because it won't let you connect doesn't mean that it's not downloading more malware as you remove them.
Chewy

No. Try not. Do... or do not. There is no try.

#8 usasma


Posted 29 June 2007 - 06:22 AM

I would suggest searching Google for free, command line antivirus scanners (and the updates) then booting with a boot disk to run the scanner.

#9 blwa


Posted 02 July 2007 - 02:34 PM

Hey Sgt Maj,

I've tried looking for a free command line antivirus but couldn't get one...do you have any suggested links? As this laptop doesn't have a floppy, I'll have to prep a CD. Other than going thru BIOS setup to boot from CD, any suggestions or recommendations that I should consider or be aware of?

Thanks for your help.

Blaine

#10 richC


Posted 02 July 2007 - 07:32 PM

Seeing as it's a laptop -- is the hard disk removable? It's normally very easy -- and presuming you have a normal PC and a little knowledge, then just turn off your desktop, disconnect your hard drives and connect the laptop using a
40-way IDC to 44-way Micro IDC with power connector
(not sure where you are, but)
also called an IDE to 2.5 Laptop IDE cable -- once connected, then reboot -- in effect you will be using the laptop's HD on your desktop -- in the UK the cable is only 5.00.
I've found it invaluable, although there are some laptops with permanent HDs -- and it rules out any other issues (motherboard etc.).
Just a suggestion.
UK retailer:

http://www.maplin.co.uk/Module.aspx?Module...24&T=Module
That's all I can do -- I'm still training software side.
Rich

#11 usasma


Posted 03 July 2007 - 10:17 AM

You'll need a CD that can boot to a command line - the Ultimate Boot CD is a good one (and may have command line tools in it).

Here's a google for command line scanners - cruising around inside the links will show you the free trials and free programs that you can obtain. http://www.mcafee.com/us/enterprise/produc...ndows_unix.html

#12 blwa


Posted 09 July 2007 - 04:51 PM

USASMA,

Thanks...I was finally able to download the latest beta version of command line scanner and ran it in safe mode. It found several trojans which it deleted; I ran it again to make sure and it didn't find any on the last run. My local CompUSA store didn't carry this product...they were only interested and suggested I bring the laptop into the store for tech support to look at it.

I'm now running AdAware 2007 and already it has found "Win32.TrojanDownlader.Alhpabet" in file C:\windows\mgrs.exe and process CSI c:\windows\mgrs.exe. These are the two hang ons which have been happening. I rebooted and ran AdAware again and immediately it found the same things. Arrrrrr!!!!

Have also noticed that the system still takes a long time to reach the desktop. One of the error messages I see is

RUNDLL...error loading C:\windows\sys32\amtverox.dll...The specified module could not found.

Sorry I can't block and paste the error messages and any other listings, etc. since the laptop does not connect to the internet...the other problem still requiring my attention. I have found the registry entry for amtverox.dll...don't know what it is for. Should/can I use regedit to delete without jeopardizing really messing up this installation of windows?

As I may have mentioned, this is my son's laptop and he has not been able to locate the recovery discs...so being careful but realizing a complete reload may be the only last recourse.

Really appreciate your assistance.

Blaine

#13 blwa


Posted 10 July 2007 - 01:17 AM

To Whomever can help:

Here's some additional information regarding the amtverox.dll.

The error message is tied to a registry entry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\

Name: "DllRunning"
Type: "REG_SZ"
Data: "rundll32.exe "C:\WINDOWS\System32\amtverox.dll",setvm"

Thank you in advance,

Blaine
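
Added example (not part of the original thread, and not code from any poster): a Run-key value that launches rundll32 against a DLL no longer on disk produces the "module could not be found" error at every logon, so this sketch parses Run values and flags such entries. The function names and the two extra sample values are assumptions made for illustration; only the `DllRunning` value comes from the post above.

```python
import re

# Constructed sample of Run-key values as (name, data) pairs. The first is
# the value quoted in post #13; the other two are made up for contrast.
SAMPLE_RUN_VALUES = [
    ("DllRunning", r'rundll32.exe "C:\WINDOWS\System32\amtverox.dll",setvm'),
    ("ExampleTray", r'"C:\Program Files\Example\tray.exe" /min'),
    ("ExampleCpl", r'rundll32.exe C:\WINDOWS\System32\example.dll,Start'),
]

# Matches: [path\]rundll32[.exe] <dll>,<export> ... where the DLL path may
# or may not be wrapped in double quotes.
RUNDLL_RE = re.compile(
    r'^\s*"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+'
    r'(?:"(?P<q>[^"]+)"|(?P<u>[^\s,]+))\s*,\s*(?P<export>\S+)',
    re.IGNORECASE,
)


def parse_rundll32(data):
    """Return (dll_path, export) if data is a rundll32 command line, else None."""
    m = RUNDLL_RE.match(data)
    if not m:
        return None
    return (m.group("q") or m.group("u"), m.group("export"))


def audit_run_values(values, exists):
    """List rundll32 autostart entries; `exists` is a callable path -> bool.

    Passing the existence check in keeps the audit usable both on the live
    machine and against a value list copied off it for offline review.
    """
    findings = []
    for name, data in values:
        parsed = parse_rundll32(data)
        if parsed is None:
            continue  # not a rundll32 launcher; out of scope for this check
        dll, export = parsed
        findings.append({"name": name, "dll": dll, "export": export,
                         "missing": not exists(dll)})
    return findings


if __name__ == "__main__":
    # Hypothetical file listing standing in for the laptop's disk.
    present = {r"c:\windows\system32\example.dll"}
    for f in audit_run_values(SAMPLE_RUN_VALUES, lambda p: p.lower() in present):
        state = "MISSING" if f["missing"] else "present"
        print(f'{f["name"]}: {f["dll"]} (export {f["export"]}) -> {state}')
```

On the affected machine itself, `os.path.exists` can be passed as the `exists` argument; an entry reported as missing is a leftover autostart value worth recording before any registry change is made.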

#14 Budapest


Posted 10 July 2007 - 01:23 AM

Try running your antivirus and antispyware scans in Safe Mode.

#15 oldf@rt


Posted 10 July 2007 - 01:33 AM

My recommendation would be to download Avast free and the latest DAT files to a thumb drive, then in Safe Mode install Avast. Once Avast is installed, install the update definitions. Once this is done, run Avast, and set it to do a boot time scan. Here is the Avast Home Free download. Here is the Update file. This will normally kill anything that keeps coming back, along with a lot of other nasties.
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage



